On 9/4/15, 8:51 PM, "macports-users-boun...@lists.macosforge.org on behalf of Ryan Schmidt" <macports-users-boun...@lists.macosforge.org on behalf of ryandes...@macports.org> wrote:
> >On Sep 4, 2015, at 5:27 PM, Brandon Allbery wrote: > >> Others have reported this. Unfortunately, there is no guarantee that >>some random chunk of code or data won't hash to the same value as a >>virus; it's statistically unlikely, but over time the probability of a >>false positive will tend toward unity. And in fact false positives are >>rare but known to happen, as one would expect. > >The whole point of hash algorithms is to provide something very close to >that guarantee. Some hash algorithms are broken, so they can no longer >provide that guarantee; md5 is an example of a broken hash algorithm. >Tools exist to let you craft two different files that hash to the same >md5 sum. But newer algorithms like sha256 and rmd160 are not yet broken >and still provide sufficiently strong assurances that if the hash of a >file is the expected value, then the contents of the file are the >expected contents as well. That's why we use sha256 and rmd160 checksums >to verify the integrity of the files MacPorts ports download. > >I assume the Sophos claim of iPh/WireLurk-G in zlib is a false positive >and refer concerned users to Sophos. I had this problem and reported it to our IT staff, who reported it to sophos, who confirmed that there was a problem with the virus definitions. They say that it’s been fixed now. — Steve _______________________________________________ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users